
Authorization and Access Control (aac)
(concluded WG)

Note: The data for concluded WGs is occasionally incorrect.
Group
Name: Authorization and Access Control
Acronym: aac
Area: Security Area (sec)
State: Concluded
Charter: charter-ietf-aac-01 (Approved)
Personnel
Chair: Clifford Neuman <bcn@isi.edu>
Mailing List
Address: ietf-aac@isi.edu
To Subscribe: ietf-aac-request@isi.edu
Archive: prospero.isi.edu:~/pub/aac/*

Charter for Working Group

The goal of the Authorization and Access Control Working Group
is to develop guidelines and an Application Programming Interface
(API) through which network accessible applications can uniformly
specify access control information. This API will allow applications
to make access control decisions when clients are not local users,
might not be members of a common organization, and are often not known to
the service or application in advance.

Several authentication mechanisms are in place on the Internet, but
most applications are written with local applications in mind and no
guidelines exist for supporting authorization and access control based
on the output of such authentication mechanisms. The CAT Working
Group developed the GSS-API, a common API to support authentication.
The AAC Working Group will develop a common API that accepts the
identity of a client (perhaps the output of the GSS-API), a reference
to an object to be accessed, and optionally an indication of the
operation to be performed. The API will return a list of authorized
operations or a yes/no answer that can be easily used by the
application.

A second, longer-term purpose of the working group will be to
examine evolving mechanisms and architectures for authorization in
distributed systems and to establish criteria which enable
interworking of confidence and trust across systems. The working
group will develop additional goals and milestones related to
this purpose and will submit a revised charter once the appropriate
goals and milestones are determined. To the extent possible this
additional work will encourage evolution toward credential formats
that more readily allow support for or translation across multiple
mechanisms.

Milestones

Done: Submit charter and milestones for approval.
Done: Meet at the Columbus IETF to identify common characteristics of evolving distributed authorization mechanisms and begin discussion of approaches for interoperability across mechanisms.
Jun 1993: Post draft API as an Internet-Draft.
Jun 1993: Post an Internet-Draft of the guidelines for authorization and access control for network accessible applications.
Aug 1993: Submit the AAC guidelines document for approval as an Informational RFC.
Jan 1994: Submit the AAC API for consideration as an Experimental RFC.